CLAIMS 

Please amend Clainis 1 and. 23 as follows: 

1 . (Currently Amended) A method for responding to network Intrusions, 
comprising: 

a) receiving an Intrusion detection system (IDS) alert from an IDS sensor 
located in a network of computing resources, wherein said IDS alert indicates an 
unauthorized intrusion upon a'remotely located computing resource in said network of 
computing resources; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a 
location separate from said remotely located computing resource so that said 
determining said appropriate response is unaffected by said unauthorized intrusion; 
and 

d) automatically implementing said appropriate response to mitigate damage 
to said network of computing resources from said unauthorized intrusion by isolating 
said remot ely located computina resource . 

2. (Originaiythe me1thO(d& aairn 

a1) detecting a suspicious intrusion Into said computing resource; 
a2) detennining said suspicious intrusion is unauthorized; 
a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from 
said computing resource within said networi< of computing resources. 

3. (Original) The method of Claim 2, wherein a2) further comprises: 
determining said suspicious intrusion is unauthorized when said suspicious 

intrusion matches with at least one of a list of unauthorized intrusions. 

4. (Original) The method of'Clalm 2, wherein a1) comprises: 
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detecting said suspicious intrusion at a host-based intrusion detection system 
(l-ilDS) sensor located on said computing resource. 

6. (Original) The method of Claim 2, wherein a1 ) comprises: 
detecting said suspicious intrusion at a network-based intrusion detection 
system (NIDS) sensor located within said network of computing resources. 

6. (Original) The method of Claim 1 , wherein d) further comprises: 

d1) interfacing with a power controller that controls power to said computing 
resource to shut power to said computing resource. 

7. (Original) The method of Claim 1 , wherein d) further comprises: 

d1) interfacing with at least one switch, an associated switch, In said network 
of computing resources to virtually reconfigure said associated switch in order to 
virtually isolate said coriiputiiigl^esource resources in said 

network of computing resources. 

8. (Original) The method of Claim 7, wherein said associated switch 
comprises an Ethemet switch. 

•• • • - 

9. (Original) The method of Claim 7, wherein said associated switch 
comprises a Storage Area Network (SAN) switch. 

1 0. (Original) The method of Claim 7, wherein said at least one switch 
comprises a SAN switch and an Ethernet switch. 

— ng rr-'LT-- : : • 

1 1 . (Original) The method of Claim 1 , wherein said networic of computing 
resources comprises a provisional data center. 

12. (Original) A method for responding to networi< intrusions, comprising: 
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a) receiving an intrusion detection system (IDS) alert from an IDS sensor in a 
networic of computing resources at a location separate from an infected computing 
resource, wherein said IDS alert indicates an unauthorized intrusion upon said 
infected computing resource in said network of computing resources, wherein 
implementation of a response! toiald IDS alert is unaffected by said unauthorized 
intrusion; 

b) responding to said IDS alert by automatically interfacing with at least one 
switch in said network of computing resources to virtually reconfigure said at least one 
switch, an associated switch, in order to virtually isolate said computing resource from 
remaining computing resources in said network of computing resources; and 

c) responding to said IDS alert by automatically interfacing with a power 
controller that controls power to said computing resource to shut power to said 
computing resource. 



1 3. (Original) The method of Claim 1 2, wherein a) further comprises: 
a1 ) detecting a suspiaous irt resource; 
a2) determining said suspicious intrusion is unauthorized; 

a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from 
said computing resource within said network of computing resources. 

14. (Original) The method of Claim 13. wherein a2) further comprises: 
determining said suspicious intrusion is unauthorized when said suspicious 

intrusion matches with at least one of a list of unauthorized intrusions. 

15. (Original) The method of claim 13, wherein a1) comprises: 
detecting said suspicid&s Tntrijsion at a host-based intrusion detection system 

(HIDS) sensor located on said computing resource. 

16. (Original) The method of Claim 13. wherein a1) comprises: 
detecting said suspicious intrusion at a network-based intrusion detection 

system (NIDS) sensor located within said network of computing resources. 
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1 7. (Original) The method of Claim 12, wherein said network of computing 
resources comprises a provisional data center. 

18. (Original) The method of Claim 12, wherein said switch couples said 
computing resource to a virtual local area network. 

19. (Original) The method of Claim 12, wherein said switch comprises an 
Ethernet switch. 

20. (Original) The method of Claim 12, wherein said associated switch 
comprises a Storage Area Netyvork (SAN) switch. 

21 . (Original) The method of Claim 12, wherein said at least one switch 
comprises a SAN switch and an Ethernet switch. 

22. (Original) The method of Claim 12, wherein further comprising: 
automatically interfacing with said associated switch in said network of 

computing resources; and 

automatically Interfacing with said power controller. 

23. (Currently AmendedYA computer system comprising: 

a bus for communicating information associated with a method for 
responding to network intrusions; 

a processor coupled to said bus for processing said information associated 
with said method for responding to network intrusions; and 

a computer readable memory coupled to said processor containing program 
instructions, that when executed by said processor, implement said method for 
responding to network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor 
located in a network of computing resources, wherein said IDS alert indicates an 
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unauthorized intrusion upon a remotely located computing resource in said network of 
computing resources; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a 
location separate from said remotely located computing resource so that said 
determining said appropriate response is unaffected by said unauthorized intrusion; 
and 

d) automatically implementing said appropriate response to mitigate damage 
to said network of computing resources from said unauthorized Intrusion bv isolating 
said remotely located computing resource . 

24. (Original) The computer system of Claim 23, wherein a) in said method 
further comprises: 

a1) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 
a3) generating said IDS alert; and ' 

a4) sending said IDS alert to an IDS manager that is located remotely from 
said computing resource within said network of computing resources. 

25. (Original) The computer system of Claim 24, wherein a2) in said method 
further comprises: 

determining said suspicious intrusion is unauthorized when said suspicious 
intrusion matches with at least one of a list of unauthorized intrusions. 

26. (Original) The computer system of Claim 24, wherein a1 ) In said method 
comprises: 

detecting said suspicious intrusion at a host-based intrusion detection system 
(HIDS) sensor located on said computing resource. 

27. (Original) The computer system of Claim 24, wherein a1) in said method 
comprises: 
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detecting said suspicious intrusion at a networl(-based intrusion detection 
system (NIDS) sensor located within said network of computing resources. 

28. (Original) The computer system of Claim 23, wherein d) in said method 
further comprises: 

d1) interfacing with a power controller that controls power to said computing 
resource to shut power to said computing resource. 

29. (Original) The computer system of Claim 23, wherein d) in said method 
further comprises: 

d1) interfacing with at least one switch, an associated switch, in said network 
of computing resources to virtually reconfigure said associated switch in order to 
virtually isolate said computing resource from remaining computing resources in said 
network of computing resources. 

30. (Original) The computer system of Claim 29, wherein said associated 

switch comprises an Ethernet switch. 

'■»■■.• 

31 . (Original) The computer system of Claim 29, wherein said associated 
switch comprises a Storage Area Network (SAN) switch. 

32. (Original) The computer system of Claim 29, wherein said at least one 
switch comprises a SAN swit6'li^Sihd'an' Etheirnet switch. 

33. (Original) The computer system of Claim 23, wherein said network of 
computing resources comprises a provisional data center. 
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